* WF 25.0.1 upgrade light
* Re-enable adapters with old WF versions
* Put server-overlay and server-legacy-dist back to reduce size of PR changes
* Remove some more changes that are not needed
* Fix issues adding to provider properties
* Fix user-profile updates for tests
* tls fixes
* Set WF to 23 for adapter tests
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
* KEYCLOAK-18512: Integrate New Admin Console into Keycloak build
* KEYCLOAK-18512: Integrate New Admin Console into Keycloak build
* Change version to project version. Make experimental.
* Add PAT for reading packages (#12)
* Add PAT for reading packages
* Encode token
* Use generic GH account for installation of packages
* Enable Github packages repo only for snapshots
* KEYCLOAK-18512: Make ADMIN2 experimental instead of preview
* KEYCLOAK-18512: Remove early return
* KEYCLOAK-18512: Fix formatting issue
Co-authored-by: Jon Koops <jonkoops@gmail.com>
error for:
* org.keycloak.testsuite.crossdc.LastSessionRefreshCrossDCTest and
* org.keycloak.testsuite.crossdc.SessionExpirationCrossDCTest
tests, when running cross-DC tests with JDK 11
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
[KEYCLOAK-17227] Return the versions of Wildfly deprecated module in the Arquillian
testsuite to those defined by Wildfly 21
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Base fixes:
* [KEYCLOAK-17228] Upgrade Keycloak to Wildfly 23.0.0.Final / Wildfly Core 15.0.0.Final
Other (related) fixes:
* [KEYCLOAK-17477] Update org.wildfly.common to 1.5.4.Final
* [KEYCLOAK-17478] Update wildfly-galleon-maven-plugin to 5.1.0.Final
* [KEYCLOAK-17479] Keycloak Galleon Feature Pack: Adapter fails to build on top of Wildfly 23
* [KEYCLOAK-17482] Sync Wildfly 23 model changes to Keycloak
* [KEYCLOAK-17508] Apply workaround for WFCORE-5335
* [KEYCLOAK-17231] Update org.keycloak.testsuite.metrics.MetricsRestServiceTest
to work with org.wildfly.extension.health
* [KEYCLOAK-17585] Fix Quarkus startup failure post applying Wildfly 23 upgrade changes
* [KEYCLOAK-17583] Fix ConfigMigrationTest post applying Wildfly 23 model changes
* [KEYCLOAK-17584] Fix ActionTokenCrossDCTest#sendResetPasswordEmailSuccessWorksInCrossDc
test failure post applying Wildfly 23 upgrade changes
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Base fixes:
* [KEYCLOAK-16724] Upgrade Keycloak to Wildfly 22.0.0.Beta1 / Wildfly Core 14.0.0.Beta4
* [KEYCLOAK-16822] Upgrade Keycloak to Wildfly 22.0.0.Final / Wildfly Core 14.0.0.Final
* [KEYCLOAK-17158] Upgrade Keycloak to Wildfly 22.0.1.Final / Wildfly Core 14.0.1.Final
Other (related) fixes:
* [KEYCLOAK-16174] Upgrade (RH-SSO adapters) to EAP CD 21
* [KEYCLOAK-16202] Don't upgrade versions of httpclient and httpcore in the Fuse adapter
as part of the Wildfly upgrade script run
* [KEYCLOAK-16737] Keycloak core depends on org.bouncycastle:bcprov-jdk15on:1.65, which
suffers from CVE-2020-28052
* [KEYCLOAK-16907] ConfigMigrationTest fails after upgrade to Wildfly 22.0.0.Final
* [KEYCLOAK-17156] org.keycloak.test.config.migration.ConfigMigrationTest fails with
'illegal reflective access to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()'
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Base fixes:
* [KEYCLOAK-15780] Upgrade Keycloak to Wildfly 21.0.0.Beta1 / Wildfly Core 13.0.0.Beta6
* [KEYCLOAK-16031] Upgrade Keycloak to Wildfly 21.0.0.Final / Wildfly Core 13.0.1.Final
* [KEYCLOAK-16442] Upgrade Keycloak to Wildfly 21.0.1.Final / Wildfly Core 13.0.3.Final
Other (dependent) fixes:
* [KEYCLOAK-15408] Deprecate former Wildfly and Wildfly Core versions in Arquillian's
testsuite pom.xml file as part of the upgrade script
* [KEYCLOAK-15442] Update the version of 'jboss-parent' as part of the Wildfly upgrade
script if necessary
* [KEYCLOAK-15474] Add --verbose and --force options to the Wildfly upgrade automated script
* [KEYCLOAK-15649] Update "urn:jboss:domain:infinispan:10.0" version as part of the Wildfly
upgrade automated script
* [KEYCLOAK-15652] Wildfly upgrade automated script - Align Python artifact version
comparsion algorithm with the Maven / Java one
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Adapted Jetty94SessionManager to workaround Jetty 9.4 API changes.
The Method org.eclipse.jetty.server.session.SessionHandler#getHttpSession
was changed from public to protected which makes it no longer accessible.
As a workaround the method contents were inlined.
- removing hardcoded `jackson.version` from performance testsuite pom
- moving `jackson.annotations.version` from performance testsuite pom to the root pom
`npm install` is changed to run at build time, removing the need for commiting
the js modules, which are getting a bit silly in size with the introduction of
account2. Appropriate changes to prod-arguments.json are included that should
enable the product build to function properly. The community and developer
builds will continue to work without the proxying PNC provides.
This also changes the themes pom to work with more than one `package.json`
file. The only other one at the moment is for the new account console /
account2.
The documentation file has been updated.
Since we're building directly out of the source directories, it is possible in
a local dev environment for unintended files (e.g. old compiled .js files),
placed within src/main/resources/, to be included in the themes jar. This
shouldn't be a problem for actual builds though, which use a fresh clone.
Other small changes include refactoring the npm setup stuff to a global
definition, and the introduction of some properties to avoid duplicating path
definitions everywhere.
This commit does not include the churn that would result from deleting the
existing commited modules.
KEYCLOAK-9584 Update Wildfly Arquillian version
KEYCLOAK-9581: Fix CookiePathTests
KEYCLOAK-9607 CLI sripts and configuration files update
KEYCLOAK-9580 Fix component registration error
KEYCLOAK-9590 Update JDG to newest version
* Infinispan is using whatever version is set in root pom.xml.
KEYCLOAK-9509 Fix Undertow tests
Co-Authored-By: vramik <vramik@redhat.com>
Co-Authored-By: sebastienblanc <scm.blanc@gmail.com>
When `product.filename.version` is hardcoded to 7.2, it obviously doesn't
update when `product.rhsso.version` changes. By using
build-helper-maven-plugin, it's now derived automatically, and we shouldn't see
this issue pop up again for e.g. 7.4.
remove built directory
update snapshot version references
refactor out core library to remove duplication
adapter for spring boot 2
remove built directory
update snapshot version references
Revert "merge from upstream"
This reverts commit 88c39a2f23b8f2d4b25360e2b46e683d11b4972b, reversing
changes made to f0811145ceeb8ec609ed66b06067f797e288aa89.
setting correct versions
updating to latest keycloak
arquillian test app for spring boot2
update to 2.0.0.RELEASE
added Rest Customizer
Symlinks are frequently unavailable on Windows (must be on NTFS and user must
have SeCreateSymbolicLinkPrivilege). Removing the symlinks for licenses/common/
should enable the build to function mostly normally on Windows. The individual
license files will be incorrect, but that shouldn't matter for local builds.
Release builds are done on *nix.
The plugin rolls several different plugin executions into one. The common files
are distributed using a resource jar, used by and unpacked by the plugin.
org.keycloak dependencies will be automatically added to the xml during the
build, removing the need for runs of download-license-files.sh every time the
keycloak version changes.
Documentation on "why and how" for the license data has also been added.
To reduce code duplication issues, plugin definitions are stored in
keycloak-parent, but only active in the projects that need them (not bound to
any phase by default). Also, the common files have been moved into
licenses/common/, so that a single symlink will suffice to replicate the
current and future files needed by the plugin executions. While the
assembly.xml definitions remain duplicated, they are fairly minimal and
shouldn't need to change often.
License data is available for all adapters shipped in the product, plus
server-feature-pack.
The keycloak slot is populated with data, in addition to the rh-sso slot. A
number of the adapters don't depend on any third-party artifacts, so they have
(mostly) blank license.xml files.
* KEYCLOAK-5298: Enable autoescaping in Freemarker
* Fix several of the failing tests.
* Fix broken tests in integration-deprecated
* Fix last failing test.
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider
This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.
The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.
I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.
For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/
Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```
Password blacklist is stored in a TreeSet.
* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter
We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.
BloomFilter implementation is provided by google-guava
which is available in wildfly.
Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.
This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.
Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.
Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.
The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.
Configure password blacklist folder for tests
* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers
* KEYCLOAK-5244 Translate blacklisted message in base/login
Use a newer version of the server-provisioning-plugin.
By using a newer version of the plugin, we can reduce
the amount of build code that replicates the provisioning
logic when building overlays.
This applies to both:
* Server distribution overlay
* Adapter distribution overlay
Both overlays are created purely by using the provisioning
plugin and the feature-packs produced elsewhere in the build,
along with the admin-cli artifact when appropriate.
- Revert "[KEYCLOAK-3580] - Migrate DBus Java from Unix Socket C library to jnr-unixsocket"
This reverts commit 6c5d1b9214.
- Use JNA RPM, instead of Maven
- Provide username/password authentication with PAM
- Obtain user data from SSSD
- Feature packs for dbus-java, libpam4j and SSSD API
- Provisioning script